U.S. tells computer users to disable Java software

Updated 9:00 p.m. ET

WASHINGTON The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.

The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

• Read the US-CERT release concerning Java

Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.

CNET's Topher Kessler writes:

"The malware has currently been seen attacking Windows, Linux and Unix systems, and while so far has not focused on OS X, may be able to do so given OS X is largely similar to Unix and Java is cross-platform.

Even though the exploit has not been seen in OS X, Apple has taken steps to block it by issuing an update to its built-in XProtect system to block the current version of the Java 7 runtime and require users install an as of yet unreleased version of the Java runtime.

Luckily with the latest versions of Java, users who need to keep it active can change a couple of settings to help secure their systems. Go to the Java Control Panel that is installed along with the runtime, and in the Security section uncheck the option to "Enable Java content in the browser," which will disable the browser plug-in. This will prevent the inadvertent execution of exploits that may be stumbled upon when browsing the Web, and is a recommended setting for most people to do. If you need to see a Java applet on the Web, then you can always temporarily re-enable the plug-in.

The second setting is to increase the security level of the Java runtime, which can also be done in the same Security section of the Java Control Panel. The default security level is Medium, but you can increase this to High or Very High. At the High level, Java will prompt you for approval before running any unsigned Java code, and at the Very High level all Java code will require such approval, regardless of whether or not it is signed."

Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer's operating system.

Oracle Corp. bought Java as part of a $7.3 billion acquisition of the software's creator, Sun Microsystems, in 2010.

Oracle, which is based in Redwood Shores, Calif., had no immediate comment late Friday.

[Jorlan1]

Really is it the governments role to advise computer users NOT to use of a particular software. This advisement seems unconstitutional and it is a dangerous precedent to make.

[jeffsilverm]

You could use icetea, which is an open source Java implementation. You don't have to be a slave to a big corporation if you don't want to.

[OliverHolz]

HYPNOTOAD72: You need to get a girlfriend. Seriously.

[Transatlantique]

I thought having a Mac would take this complicated gobbledygook out of the picture. What a technical nightmare this is.

[hypnotoad72]

Gee, where are all the folks who say government shouldn't be dictating what to do?

Indeed, given other platforms' longer histories of malware (especially Windows), why didn't government care back then?

Or Microsoft...

http://www.zdnet.com/blog/security/does-microsofts-sharing-of-source-code-with-china-and-russia-pose-a-security-risk/6789

[foo8259]

J_MCDONALD-2009 replies: Just to be clear, Java and Javascript are two entirely distinct languages.

Exactly!

[foo8259]

Goto main control panel/Programs/Java/Java control Panel/Advanced/Java Plug-In/then disable or uncheck : "Next Generation Java Plug-In."

Quite a drill down -- I hope this helps though.

[carolinasistah]

Thank you for the clear directions. It helped alot.

[foo8259]

Just install the Opera browser without Java, and then disable JavaScript globally, or per web page in settings. Opera is the fastest and most secure of browsers out there. Also download an ad and flash killer add-on or proxy.

[hypnotoad72]

Non-sequitur.

Some major applications use Java for cross-platform compatibility and have nothing to do with web browsers.

What will you do about those, since some of those apps are from big-name vendors...

[shubbell]

What does JavaScript have to do with anything?

[tonynazar]

If you run the superior OS, Mac 10.8, Apple has already taken care of the problem.

[hypnotoad72]

Fail.

http://www.smallbiztechnology.com/archive/2012/04/the-truth-macs-are-not-more-secure-than-pcs-we-all-must-be-vigilant.html/

PWN2OWN has also found many incidents of Apple's OS being hole-ridden as well.

[quincytodd]

There should be an easier way to keep malware off your web page. They need to send us instructions on how to disable or uninstall Java7. Not everyone here is quite so computer savy.

[Alabama-Auburn-Rules]

If you use Firefox as your browser, go to add ons and search for Java control panel it's called Quick Java 1.8.0 ..this will install the ability to enable or disable java on any site in one click, right from your browser window on the bottom banner; hope this helps. Otherwise, (while online from your browser) go to Tools, Options, then click the content tab, you can disable Java here as well.

[foo8259]

Or ... just switch to Opera: opera.com or install kubuntu linux with opera , firefox or Konqueror as browsers?